Lucene search
K

60 matches found

NVD
NVD
added 2025/03/04 12:15 a.m.20 views

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

7.5CVSS0.00702EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/10 12:59 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...

8.7CVSS7.4AI score0.00873EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/13 5:15 a.m.16 views

CVE-2024-12579

The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can...

5.3CVSS0.00339EPSS
Exploits0References2
Veracode
Veracode
added 2024/11/07 11:44 a.m.9 views

Regular Expression Denial Of Service (ReDoS)

rexml is vulnerable to a Regular Expression Denial of Service ReDoS vulnerability. The vulnerability is due to inefficient regular expression handling when parsing XML inputs that contain a large number of digits in hex numeric character references &x...;, allows an attacker to craft inputs that...

8.7CVSS7AI score0.01429EPSS
Exploits0References8Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.3 views

Mastodon 4.2.x < 4.2.13 Regular Expression Denial of Service

According to its self-reported version number, the version of Mastodon running on the remote host is prior to 4.1.20 or 4.2.x prior to 4.2.12. Therefore, it may be affected by a regular expression denial of service vulnerability. Note that the scanner has not tested for these issues but has inste...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/08 12:0 a.m.25 views

EulerOS 2.0 SP9 : python-configobj (EulerOS-SA-2024-1493)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using...

5.9CVSS5.5AI score0.01259EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/09/26 6:19 p.m.21 views

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

8.6CVSS6.3AI score0.01114EPSS
Exploits1
OSV
OSV
added 2023/06/28 3:14 p.m.8 views

SUSE-SU-2023:2693-1 Security update for python-sqlparse

This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS bsc1210617...

7.5CVSS7.4AI score0.0098EPSS
Exploits0References3
OSV
OSV
added 2023/05/21 8:42 a.m.7 views

MGASA-2023-0183 Updated python-sqlparse packages fix security vulnerability

ReDoS Regular Expression Denial of Service CVE-2023-30608...

7.5CVSS7.4AI score0.0098EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.4 views

PT-2022-8728 · Is.Js · Is.Js

Name of the Vulnerable Software and Affected Versions: is.js versions 0.9.0 and prior Description: is.js is a general-purpose check library that contains one or more regular expressions vulnerable to Regular Expression Denial of Service ReDoS. The library uses a regex to validate URLs, which can...

7.5CVSS7.3AI score0.00866EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2022/10/06 12:0 a.m.4 views

CVE-2022-39280 Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

5.9CVSS7.5AI score0.00982EPSS
Exploits0References4
Prion
Prion
added 2022/09/30 5:15 a.m.14 views

Design/Logic Flaw

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

5CVSS7.4AI score0.01462EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/30 5:5 a.m.3 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

5.3CVSS7.4AI score0.01462EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.36 views

Rocky Linux 8 : nodejs:14 (RLSA-2021:3074)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3074 advisory. - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the...

7.5CVSS7AI score0.23132EPSS
Exploits3References7
NVD
NVD
added 2021/09/29 5:15 p.m.29 views

CVE-2021-23446

The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service ReDoS in Handsontable.helper.isNumeric function...

7.5CVSS0.02751EPSS
Exploits1References8
NVD
NVD
added 2021/09/17 7:15 a.m.19 views

CVE-2021-3803

nth-check is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS0.02165EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/03/18 7:39 p.m.64 views

html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3CVSS5.8AI score0.02217EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2021/03/12 3:10 p.m.42 views

CVE-2021-23354 Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

5.3CVSS7.7AI score0.02176EPSS
Exploits1References3
OSV
OSV
added 2015/12/02 1:59 a.m.8 views

CVE-2015-8388

PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

9.8AI score
Exploits0References10
OSV
OSV
added 2015/12/02 1:59 a.m.7 views

CVE-2015-8380

The pcreexec function in pcreexec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...

9.8AI score
Exploits0References8
Rows per page
Query Builder