CWE-185
Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
CVE-2024-6641 (GCVE-0-2024-6641)
Vulnerability from cvelistv5 – Published: 2024-09-18 05:31 – Updated: 2026-04-08 17:02
VLAI
Title
WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
Summary
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Severity
5.3 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| astrasecuritysuite | WP Hardening (discontinued) |
Affected:
0 , ≤ 1.2.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "wp_hardening",
"vendor": "getastra",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:01:44.858232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:04:25.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Hardening (discontinued)",
"vendor": "astrasecuritysuite",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Caon"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185 Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:20.677Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-09-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Hardening \u2013 Fix Your WordPress Security \u003c= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6641",
"datePublished": "2024-09-18T05:31:13.844Z",
"dateReserved": "2024-07-10T00:52:55.526Z",
"dateUpdated": "2026-04-08T17:02:20.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20139 (GCVE-0-2025-20139)
Vulnerability from cvelistv5 – Published: 2025-04-02 16:16 – Updated: 2025-04-02 16:33
VLAI
Summary
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
Severity
7.5 (High)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email |
Affected:
11.5(1)
Affected: 11.6(1) Affected: 11.6(1)_ES2 Affected: 11.6(1)_ES3 Affected: 11.6(1)_ES4 Affected: 11.6(1)_ES5 Affected: 11.6(1)_ES6 Affected: 11.6(1)_ES10 Affected: 11.6(1)_ES11 Affected: 11.6(1)_ES7 Affected: 11.6(1)_ES8 Affected: 11.6(1)_ES9 Affected: 11.6(1)_ES9a Affected: 11.6(1)_ES12 Affected: 11.6(1)_ES12_ET1 Affected: 12.0(1) Affected: 12.0(1)_ES1 Affected: 12.0(1)_ES2 Affected: 12.0(1)_ES3 Affected: 12.0(1)_ES4 Affected: 12.0(1)_ES5 Affected: 12.0(1)_ES5a Affected: 12.0(1)_ES6 Affected: 12.0(1)_ES6_ET1 Affected: 12.0(1)_ES6_ET2 Affected: 12.0(1)_ES6_ET3 Affected: 12.0(1)_ES7 Affected: 12.0(1)_ES7_ET1 Affected: 12.5(1) Affected: 12.5(1)_ES1 Affected: 12.5(1)_ES2 Affected: 12.5(1)_ES3 Affected: 12.5(1)_ES3_ET1 Affected: 12.5(1)_ET1 Affected: 12.5(1)_ES4 Affected: 12.5(1)_ES3_ET2 Affected: 12.5(1)_ES4_ET1 Affected: 12.5(1)_ES5 Affected: 12.5(1)_ES5_ET1 Affected: 12.5(1)_ES6 Affected: 12.5(1)_ES7 Affected: 12.5(1)_ES8 Affected: 12.5(1)_ES8_ET1 Affected: 12.5(1)_ES3_ET3 Affected: 12.5(1)_ES5_ET2 Affected: 12.5(1)_ES6_ET1 Affected: 12.5(1)_ES4_ET2 Affected: 12.5(1)_ES7_ET1 Affected: 12.5(1)_ES9 Affected: 12.6(1) Affected: 12.6(1)_ET1 Affected: 12.6(1)_ET2 Affected: 12.6(1)_ES1 Affected: 12.6(1)_ET3 Affected: 12.6(1)_ES1_ET1 Affected: 12.6(1)_ES2 Affected: 12.6(1)_ES3 Affected: 12.6(1)_ES4 Affected: 12.6(1)_ES4_ET1 Affected: 12.6(1)_ES5 Affected: 12.6(1)_ES5_ET1 Affected: 12.6(1)_ES5_ET2 Affected: 12.6(1)_ES6 Affected: 12.6(1)_ES6_ET1 Affected: 12.6(1)_ES6_ET2 Affected: 12.6(1)_ES7 Affected: 12.6(1)_ES8 Affected: 12.6(1)_ES4_ET2 Affected: 12.6(1)_ES3_ET3 Affected: 12.6(1)_ES2_ET5 Affected: 12.6(1)_ES1_ET2 Affected: 12.6(1)_ES8_ET1 Affected: 12.6(1)_ES7_ET1 Affected: 12.6(1)_ES6_ET3 Affected: 12.6(1)_ES5_ET3 Affected: 12.6(1)_ES8_ET2 Affected: 12.6(1)_ES9 Affected: 12.6(1)_ES9_ET1 Affected: 12.6(1)_ES9_ET2 Affected: 12.6(1)_ES9_ET3 Affected: 12.6_ES2_ET1 Affected: 12.6_ES2_ET2 Affected: 12.6_ES2_ET3 Affected: 12.6_ES2_ET4 Affected: 12.6_ES3_ET1 Affected: 12.6_ES3_ET2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:33:38.164036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:33:45.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Enterprise Chat and Email",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES4"
},
{
"status": "affected",
"version": "11.6(1)_ES5"
},
{
"status": "affected",
"version": "11.6(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES10"
},
{
"status": "affected",
"version": "11.6(1)_ES11"
},
{
"status": "affected",
"version": "11.6(1)_ES7"
},
{
"status": "affected",
"version": "11.6(1)_ES8"
},
{
"status": "affected",
"version": "11.6(1)_ES9"
},
{
"status": "affected",
"version": "11.6(1)_ES9a"
},
{
"status": "affected",
"version": "11.6(1)_ES12"
},
{
"status": "affected",
"version": "11.6(1)_ES12_ET1"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES1"
},
{
"status": "affected",
"version": "12.0(1)_ES2"
},
{
"status": "affected",
"version": "12.0(1)_ES3"
},
{
"status": "affected",
"version": "12.0(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES5"
},
{
"status": "affected",
"version": "12.0(1)_ES5a"
},
{
"status": "affected",
"version": "12.0(1)_ES6"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.0(1)_ES7"
},
{
"status": "affected",
"version": "12.0(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES1"
},
{
"status": "affected",
"version": "12.5(1)_ES2"
},
{
"status": "affected",
"version": "12.5(1)_ES3"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES4"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES6"
},
{
"status": "affected",
"version": "12.5(1)_ES7"
},
{
"status": "affected",
"version": "12.5(1)_ES8"
},
{
"status": "affected",
"version": "12.5(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES1"
},
{
"status": "affected",
"version": "12.6(1)_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES2"
},
{
"status": "affected",
"version": "12.6(1)_ES3"
},
{
"status": "affected",
"version": "12.6(1)_ES4"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES6"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES2_ET5"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET3"
},
{
"status": "affected",
"version": "12.6_ES2_ET1"
},
{
"status": "affected",
"version": "12.6_ES2_ET2"
},
{
"status": "affected",
"version": "12.6_ES2_ET3"
},
{
"status": "affected",
"version": "12.6_ES2_ET4"
},
{
"status": "affected",
"version": "12.6_ES3_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "Incorrect Regular Expression",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:16:17.546Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ece-dos-tC6m9GZ8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8"
}
],
"source": {
"advisory": "cisco-sa-ece-dos-tC6m9GZ8",
"defects": [
"CSCwm08282"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20139",
"datePublished": "2025-04-02T16:16:17.546Z",
"dateReserved": "2024-10-10T19:15:13.213Z",
"dateUpdated": "2025-04-02T16:33:45.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54365 (GCVE-0-2025-54365)
Vulnerability from cvelistv5 – Published: 2025-07-23 22:11 – Updated: 2025-07-24 13:36
VLAI
Title
fastapi-guard patch contains bypassable RegEx
Summary
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.
Severity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rennf93/fastapi-guard/security… | x_refsource_CONFIRM |
| https://github.com/rennf93/fastapi-guard/commit/0… | x_refsource_MISC |
| https://github.com/rennf93/fastapi-guard/commit/d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rennf93 | fastapi-guard |
Affected:
>= 3.0.1, < 3.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54365",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:13:00.507260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:36:52.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastapi-guard",
"vendor": "rennf93",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.1, \u003c 3.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a \u003cscript\u003e tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T22:11:36.441Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g"
},
{
"name": "https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a"
},
{
"name": "https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f"
}
],
"source": {
"advisory": "GHSA-rrf6-pxg8-684g",
"discovery": "UNKNOWN"
},
"title": "fastapi-guard patch contains bypassable RegEx"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54365",
"datePublished": "2025-07-23T22:11:36.441Z",
"dateReserved": "2025-07-21T16:12:20.731Z",
"dateUpdated": "2025-07-24T13:36:52.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-24398 (GCVE-0-2026-24398)
Vulnerability from cvelistv5 – Published: 2026-01-27 19:06 – Updated: 2026-01-27 19:20
VLAI
Title
Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Summary
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue.
Severity
4.8 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/honojs/hono/commit/edbf6eea8e6… | x_refsource_MISC |
| https://github.com/honojs/hono/releases/tag/v4.11.7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T19:18:50.922446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T19:20:35.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP addresses that bypass IP-based access controls. Version 4.11.7 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T19:06:42.792Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh"
},
{
"name": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37"
},
{
"name": "https://github.com/honojs/hono/releases/tag/v4.11.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/releases/tag/v4.11.7"
}
],
"source": {
"advisory": "GHSA-r354-f388-2fhh",
"discovery": "UNKNOWN"
},
"title": "Hono\u0027s IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24398",
"datePublished": "2026-01-27T19:06:42.792Z",
"dateReserved": "2026-01-22T18:19:49.172Z",
"dateUpdated": "2026-01-27T19:20:35.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25479 (GCVE-0-2026-25479)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:48 – Updated: 2026-02-10 16:01
VLAI
Title
Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Summary
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0.
Severity
6.5 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/litestar-org/litestar/security… | x_refsource_CONFIRM |
| https://github.com/litestar-org/litestar/commit/0… | x_refsource_MISC |
| https://docs.litestar.dev/2/release-notes/changel… | x_refsource_MISC |
| https://github.com/litestar-org/litestar/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| litestar-org | litestar |
Affected:
< 2.20.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:53.590127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "litestar",
"vendor": "litestar-org",
"versions": [
{
"status": "affected",
"version": "\u003c 2.20.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:48:19.971Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4"
},
{
"name": "https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace"
},
{
"name": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0"
},
{
"name": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0"
}
],
"source": {
"advisory": "GHSA-93ph-p7v4-hwh4",
"discovery": "UNKNOWN"
},
"title": "Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25479",
"datePublished": "2026-02-09T18:48:19.971Z",
"dateReserved": "2026-02-02T16:31:35.821Z",
"dateUpdated": "2026-02-10T16:01:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25542 (GCVE-0-2026-25542)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:05 – Updated: 2026-05-22 16:06
VLAI
Title
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
6.5 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/b8905… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:48:04.873157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:48:15.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:06:24.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a"
}
],
"source": {
"advisory": "GHSA-rmx9-2pp3-xhcr",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25542",
"datePublished": "2026-04-21T16:05:43.217Z",
"dateReserved": "2026-02-02T19:59:47.375Z",
"dateUpdated": "2026-05-22T16:06:24.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25896 (GCVE-0-2026-25896)
Vulnerability from cvelistv5 – Published: 2026-02-20 20:57 – Updated: 2026-03-02 19:11
VLAI
Title
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Summary
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
Severity
9.3 (Critical)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_CONFIRM |
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_MISC |
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_MISC |
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NaturalIntelligence | fast-xml-parser |
Affected:
>= 5.0.0, < 5.3.5
Affected: >= 4.1.3, < 4.5.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:26:46.154155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:29:10.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fast-xml-parser",
"vendor": "NaturalIntelligence",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.5"
},
{
"status": "affected",
"version": "\u003e= 4.1.3, \u003c 4.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (\u0026lt;, \u0026gt;, \u0026amp;, \u0026quot;, \u0026apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:11:31.673Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2"
},
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"
},
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"
},
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5"
}
],
"source": {
"advisory": "GHSA-m7jm-9gc2-mpf2",
"discovery": "UNKNOWN"
},
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25896",
"datePublished": "2026-02-20T20:57:48.074Z",
"dateReserved": "2026-02-06T21:08:39.130Z",
"dateUpdated": "2026-03-02T19:11:31.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27895 (GCVE-0-2026-27895)
Vulnerability from cvelistv5 – Published: 2026-03-17 23:51 – Updated: 2026-03-18 19:55
VLAI
Title
LAM has incorrect regular expression in PDF export component that allows user to upload files of any type
Summary
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files) can be uploaded. With GHSA-w7xq-vjr3-p9cf, an attacker can achieve remote code execution as the web server user. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user.
Severity
4.3 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LDAPAccountManager/lam/securit… | x_refsource_CONFIRM |
| https://github.com/LDAPAccountManager/lam/securit… | x_refsource_MISC |
| https://github.com/LDAPAccountManager/lam/release… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LDAPAccountManager | lam |
Affected:
< 9.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T19:55:04.254873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T19:55:14.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lam",
"vendor": "LDAPAccountManager",
"versions": [
{
"status": "affected",
"version": "\u003c 9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files) can be uploaded. With GHSA-w7xq-vjr3-p9cf, an attacker can achieve remote code execution as the web server user. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T23:51:26.501Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8"
},
{
"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf"
},
{
"name": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5"
}
],
"source": {
"advisory": "GHSA-88hf-2cjm-m9g8",
"discovery": "UNKNOWN"
},
"title": "LAM has incorrect regular expression in PDF export component that allows user to upload files of any type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27895",
"datePublished": "2026-03-17T23:51:26.501Z",
"dateReserved": "2026-02-24T15:19:29.717Z",
"dateUpdated": "2026-03-18T19:55:14.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33347 (GCVE-0-2026-33347)
Vulnerability from cvelistv5 – Published: 2026-03-24 19:26 – Updated: 2026-03-26 19:52
VLAI
Title
league/commonmark has an embed extension allowed_domains bypass
Summary
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This issue has been patched in version 2.8.2.
Severity
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/thephpleague/commonmark/securi… | x_refsource_CONFIRM |
| https://github.com/thephpleague/commonmark/commit… | x_refsource_MISC |
| https://github.com/thephpleague/commonmark/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thephpleague | commonmark |
Affected:
>= 2.3.0, < 2.8.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T19:34:18.389527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:52:12.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "commonmark",
"vendor": "thephpleague",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This issue has been patched in version 2.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T19:26:23.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5"
},
{
"name": "https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b"
},
{
"name": "https://github.com/thephpleague/commonmark/releases/tag/2.8.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thephpleague/commonmark/releases/tag/2.8.2"
}
],
"source": {
"advisory": "GHSA-hh8v-hgvp-g3f5",
"discovery": "UNKNOWN"
},
"title": "league/commonmark has an embed extension allowed_domains bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33347",
"datePublished": "2026-03-24T19:26:23.872Z",
"dateReserved": "2026-03-18T22:15:11.814Z",
"dateUpdated": "2026-03-26T19:52:12.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33418 (GCVE-0-2026-33418)
Vulnerability from cvelistv5 – Published: 2026-03-24 13:25 – Updated: 2026-03-24 15:11
VLAI
Title
@dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection
Summary
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of `<svg` before the actual SVG root element. When the SVG is subsequently rendered via `@resvg/resvg-js` on the Node.js code path, it renders at the attacker-specified dimensions, potentially causing out-of-memory crashes. In version 9.4.2, the regex-based approach has been replaced with XML-aware processing using `fast-xml-parser` to correctly identify and modify the SVG root element's attributes. Additionally, a `fitTo` constraint has been added to the `renderAsync` call as defense-in-depth, ensuring the rendered output is always bounded regardless of SVG content.
Severity
7.5 (High)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dicebear/dicebear/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:10:31.935009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:11:51.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dicebear",
"vendor": "dicebear",
"versions": [
{
"status": "affected",
"version": "\u003c 9.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of `\u003csvg` before the actual SVG root element. When the SVG is subsequently rendered via `@resvg/resvg-js` on the Node.js code path, it renders at the attacker-specified dimensions, potentially causing out-of-memory crashes. In version 9.4.2, the regex-based approach has been replaced with XML-aware processing using `fast-xml-parser` to correctly identify and modify the SVG root element\u0027s attributes. Additionally, a `fitTo` constraint has been added to the `renderAsync` call as defense-in-depth, ensuring the rendered output is always bounded regardless of SVG content."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:25:57.540Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dicebear/dicebear/security/advisories/GHSA-7j2x-32w6-p43p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dicebear/dicebear/security/advisories/GHSA-7j2x-32w6-p43p"
}
],
"source": {
"advisory": "GHSA-7j2x-32w6-p43p",
"discovery": "UNKNOWN"
},
"title": "@dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33418",
"datePublished": "2026-03-24T13:25:57.540Z",
"dateReserved": "2026-03-19T18:45:22.431Z",
"dateUpdated": "2026-03-24T15:11:51.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-45
Phase: Implementation
Strategy: Refactoring
Description:
- Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.
CAPEC-15: Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
CAPEC-6: Argument Injection
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
CAPEC-79: Using Slashes in Alternate Encoding
This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.