CWE-185 (Incorrect Regular Expression) — Vulnerability Class 20

20 vulnerabilities classified as CWE-185 (Incorrect Regular Expression). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass — Enterprise Server | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-25542 | Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching — pipeline | 6.5 | Medium | 2026-04-21 |
| CVE-2026-39350 | Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass — istio | 5.4 | Medium | 2026-04-15 |
| CVE-2026-33418 | @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection — dicebear | 7.5 | High | 2026-03-24 |
| CVE-2026-27895 | LAM has incorrect regular expression in PDF export component that allows user to upload files of any type — lam | 4.3 | Medium | 2026-03-17 |
| CVE-2026-3419 | Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation — fastify | 5.3 | Medium | 2026-03-06 |
| CVE-2026-25896 | fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names — fast-xml-parser | 9.3 | Critical | 2026-02-20 |
| CVE-2026-25479 | Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns — litestar | 6.5 | Medium | 2026-02-09 |
| CVE-2026-24398 | Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing — hono | 4.8 | Medium | 2026-01-27 |
| CVE-2025-20139 | Cisco Enterprise Chat and Email security vulnerability — Cisco Enterprise Chat and Email | 7.5 | High | 2025-04-02 |
| CVE-2024-52289 | authentik has an insecure default configuration for OAuth2 Redirect URIs — authentik | 6.1 (AI) | Medium (AI) | 2024-11-21 |
| CVE-2024-6641 | WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration — WP Hardening (discontinued) | 5.3 | Medium | 2024-09-18 |
| CVE-2024-2223 | Incorrect Regular Expression in GravityZone Update Server (VA-11465) — GravityZone Control Center (On Premises) | 8.1 | High | 2024-04-09 |
| CVE-2021-36093 | DoS attack using PostMaster filters — ((OTRS)) Community Edition | 5.3 | Medium | 2021-09-06 |
| CVE-2018-1109 | Npm Braces resource management error vulnerability — nodejs-braces | 5.3 | - | 2021-03-30 |
| CVE-2020-7929 | Specially crafted regex query can cause DoS — MongoDB Server | 6.5 | Medium | 2021-03-01 |
| CVE-2020-3408 | Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability — Cisco IOS | 8.6 | - | 2020-09-24 |
| CVE-2020-7016 | Elasticsearch Kibana resource management error vulnerability — Kibana | 4.8 | - | 2020-07-27 |
| CVE-2020-1741 | Red Hat OpenShift Container Platform openshift-ansible security vulnerability — openshift-ansible | 5.9 | Medium | 2020-04-24 |
| CVE-2018-7158 | Joyent Node.js path module input validation error vulnerability — Node.js | 7.5 | - | 2018-05-17 |

Vulnerabilities classified as CWE-185 (Incorrect Regular Expression) represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.