17 matches found
CVE-2026-30837
Elysia (TypeScript framework) prior to v1.4.26 is affected by a ReDoS in t.String({ format: 'url' }) where repeating a partial URL format (protocol/hostname) makes the regex slow, potentially causing DoS. The issue is fixed in v1.4.26. Affected component: the URL string format validation function...
CVE-2026-30837 Elysia has a string URL format ReDoS
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26, t.String({ format: 'url' }) is vulnerable to ReDoS. Repeating a partial URL format (protocol and hostname) multiple times causes the regex to slow down...
EUVD-2026-10861
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26, t.String({ format: 'url' }) is vulnerable to ReDoS. Repeating a partial URL format (protocol and hostname) multiple times causes the regex to slow down...
PT-2026-24422
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26, t.String({ format: 'url' }) is vulnerable to ReDoS. Repeating a partial URL format (protocol and hostname) multiple times causes the regex to slow down...
CVE-2010-4815
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8998
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-8998
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-9000
In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...
CVE-2024-8998 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-8998 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-8998
CVE-2024-8998 affects lunary-ai/lunary, where the server uses the regex /{.?}/ to match user-controlled strings. In the default JavaScript engine, this can cause a Regular Expression Denial of Service (ReDoS) with crafted inputs, potentially hanging the server. The issue is fixed in version 1.4.2...
CVE-2024-8999
Lunary (lunary-ai/lunary) v1.4.25 contains an improper access control vulnerability in POST /api/v1/data-warehouse/bigquery, allowing unauthenticated export of the entire database to Google BigQuery. Root cause: insufficient access checks on the data-warehouse/bigquery endpoint. Impact is high (c...
CVE-2024-8999 Improper Access Control in lunary-ai/lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
Coppermine Input Validation Error Vulnerability
Coppermine is a multi-purpose integrated web graphics library script written in PHP. An input validation error vulnerability exists in Coppermine gallery versions prior to 1.4.26. An attacker can exploit this vulnerability to execute code...
CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate...
Lighttpd < 1.4.26 'Slow Request Handling' Remote DoS Vulnerability
Lighttpd is prone to a denial of service (DoS) vulnerability.