130 matches found
CVE-2026-48125
A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...
CVE-2026-48125
UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...
CVE-2026-48125 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
GHSA-9H5V-PFQQ-X599 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
PT-2026-49551
Name of the Vulnerable Software and Affected Versions UAParser.js versions 2.0.1 through 2.0.9 Description A regular expression denial-of-service ReDoS exists when using the Client Hints API. An attacker can cause excessive CPU consumption and a denial-of-service condition in server-side...
CVE-2026-48125
creationtimestamp| type| source ---|---|--- 2026-05-21 15:31:36+00:00| published-proof-of-concept| https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-9h5v-pfqq-x599...
Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are...
Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js
No d...
DoS (Denial of Service) ua-parser-js Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.4.12, 10.0.1, and 10.1.1 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
DoS (Denial of Service) ua-parser-js Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Sco...
DoS (Denial of Service) ua-parser-js Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5...
EUVD-2021-0967
Malware in sbrugna...
EUVD-2021-0991
Malware in sbrugna...
EUVD-2019-0379
Malware in sbrugna...
EUVD-2023-0457
Malicious code in bioql PyPI...
EUVD-2022-0786
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-27292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header,...
Linux Distros Unpatched Vulnerability : CVE-2020-7793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1
R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1 Arnie Cabral Mon, 06/30/2025 - 11:41 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...