Lucene search
+L

35 matches found

osv
osv
added 2026/04/21 11:4 p.m.3 views

CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.9AI score0.00335EPSS
Exploits1References6
cve
cve
added 2026/04/21 11:4 p.m.27 views

CVE-2026-41064

WWBN AVideo’s CVE-2026-33502 family is about an incomplete fix in plugin/Live/test.php. Affected versions (reported up to 29.0 in the CVE note, with related docs citing patch activity around commit 1e6cf03e93b5a5318204b010ea28440b0d9a5ab3) show that the wget path in test.php uses unsanitized user...

9.3CVSS5.7AI score0.00335EPSS
Exploits1References4Affected Software1
ibm
ibm
added 2026/04/10 2:41 p.m.9 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat. Vulnerabilities include the flaw in Eclipse Jetty could be used to bypass the authorization imposed by the intermediary as the...

9.8CVSS7AI score0.20985EPSS
Exploits3Affected Software1
patchstack
patchstack
added 2026/03/24 8:42 a.m.5 views

WordPress rexCrawler plugin <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters vulnerability

Reflected Cross-Site Scripting via 'url' and 'regex' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin rexCrawler versions = 1.0.15...

6.1CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/03/21 4:16 a.m.5 views

CVE-2026-2277

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00265EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0514

Malware in sbrugna...

7.8CVSS7.4AI score0.02693EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4139

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01302EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/05/22 4:49 p.m.8 views

CVE-2020-7661

all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...

7.8CVSS6.6AI score0.02693EPSS
Exploits1References1
attackerkb
attackerkb
added 2025/02/12 7:15 p.m.2 views

CVE-2025-25205

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

8.2CVSS5.9AI score0.03999EPSS
Exploits2References7Affected Software1
ptsecurity
ptsecurity
added 2023/10/18 12:0 a.m.4 views

PT-2023-29703

Name of the Vulnerable Software and Affected Versions Torbot versions prior to 4.0.0 Description The issue concerns the torbot.modules.validators.validate link function, which uses the python-validators URL validation regex. This regular expression has exponential complexity, allowing an attacker...

7.5CVSS7AI score0.00797EPSS
Exploits1References15
osv
osv
added 2022/05/21 12:0 a.m.27 views

GHSA-HG3W-7HJ9-M3F7 Regular expression denial of service in url_regex

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

5.3CVSS7.5AI score0.01302EPSS
Exploits1References4
github
github
added 2022/05/21 12:0 a.m.24 views

Regular expression denial of service in url_regex

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

7.5CVSS4.8AI score0.01302EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2022/05/20 8:15 p.m.29 views

CVE-2022-21195

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

7.5CVSS0.01302EPSS
Exploits1References2
osv
osv
added 2022/05/20 8:15 p.m.3 views

CVE-2022-21195

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

7.5CVSS7.1AI score0.01302EPSS
Exploits1References2
prion
prion
added 2022/05/20 8:15 p.m.18 views

Code injection

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

5CVSS7.5AI score0.01302EPSS
Exploits1References2
cve
cve
added 2022/05/20 8:0 p.m.102 views

CVE-2022-21195

CVE-2022-21195 concerns the Python package url_regex (url-regex); all versions are reported as vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in regex matching. Exploitation would cause high CPU usage, potentially crashing affected applications. Public...

7.5CVSS6.2AI score0.01302EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/05/20 8:0 p.m.36 views

CVE-2022-21195 Regular Expression Denial of Service (ReDoS)

All versions of package url-regex are vulnerable to Regular Expression Denial of Service ReDoS which can cause the CPU usage to crash...

5.3CVSS7.7AI score0.01302EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/05/20 12:0 a.m.7 views

PT-2022-14915 · Url-Regex · Url-Regex

Name of the Vulnerable Software and Affected Versions: url-regex versions all Description: The issue is related to Regular Expression Denial of Service ReDoS, which can cause CPU usage to crash. Recommendations: For url-regex version all, consider disabling the use of the url-regex package until ...

7.5CVSS7.3AI score0.01302EPSS
Exploits1References6
cnnvd
cnnvd
added 2022/05/20 12:0 a.m.5 views

url-regex 安全漏洞

url-regex is a regular expression library for matching URLs by Kevin Mårtensson, an individual developer in Sweden. A security vulnerability exists in url-regex that stems from vulnerability to Regular Expression Denial of Service ReDoS attacks, which can lead to CPU utilization crashes...

7.5CVSS7.3AI score0.01302EPSS
Exploits1References3
cnnvd
cnnvd
added 2022/04/27 12:0 a.m.8 views

OWASP ESAPI 安全漏洞

OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. cross-site scripting vulnerabilities exist in versions of OWASP ESAPI prior to 2.3.0.0, which originate from the " onsiteURL" regular expression erro...

6.1CVSS8.3AI score0.01688EPSS
Exploits1References8
Rows per page
Query Builder