Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 9 hours ago3 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-48125

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday23 views

CVE-2026-48125 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 8:15 p.m.34 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:15 p.m.4 views

GHSA-9H5V-PFQQ-X599 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49551

Name of the Vulnerable Software and Affected Versions UAParser.js versions 2.0.1 through 2.0.9 Description A regular expression denial-of-service ReDoS exists when using the Client Hints API. An attacker can cause excessive CPU consumption and a denial-of-service condition in server-side...

5.3CVSS6.1AI score
Exploits0References6
Circl
Circl
added 2026/05/21 3:31 p.m.9 views

CVE-2026-48125

creationtimestamp| type| source ---|---|--- 2026-05-21 15:31:36+00:00| published-proof-of-concept| https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-9h5v-pfqq-x599...

5.3CVSS5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.3 views

Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are...

7.5CVSS7.3AI score0.01725EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/03/28 10:15 a.m.156 views

Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js

No d...

7.5CVSS6.8AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2026/03/11 10:30 p.m.23 views

DoS (Denial of Service) ua-parser-js Dependency in Bitbucket Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.4.12, 10.0.1, and 10.1.1 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

7.5CVSS5.7AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2026/02/11 6:28 p.m.20 views

DoS (Denial of Service) ua-parser-js Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Sco...

7.5CVSS7.3AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2026/02/11 4:29 p.m.16 views

DoS (Denial of Service) ua-parser-js Dependency in Jira Software Data Center

This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5...

7.5CVSS7.2AI score0.01725EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-0967

Malware in sbrugna...

7.5CVSS7.8AI score0.04483EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2021-0991

Malware in sbrugna...

7.5CVSS7.6AI score0.03366EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0379

Malware in sbrugna...

5.3CVSS5.3AI score0.03298EPSS
Exploits2References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0457

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.01725EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0786

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.03878EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-27292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header,...

7.5CVSS7.5AI score0.03366EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-7793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

7.5CVSS7.1AI score0.03878EPSS
Exploits1References2
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2025/06/30 3:41 p.m.17 views

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1

R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1 Arnie Cabral Mon, 06/30/2025 - 11:41 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

7.5AI score
Exploits0
Rows per page
Query Builder