CWE-1333

Exploit likelihood: High

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2026-21868 HIGH
FlagForge 2.0-2.3.2 - Regular Expression Denial of Service via User Profile API Username Parameter
CVSS 7.5
CVE-2026-0668 MEDIUM
MediaWiki - VisualData Extension <1.45 - RCE
CVSS 5.3
CVE-2026-0621 HIGH
MCP TypeScript SDK <= 1.25.1 - Denial of Service via RFC 6570 Exploded Array Pattern ReDoS
CVSS 7.5
CVE-2025-70030 HIGH
Sunbird-Ed SunbirdEd-portal 1.13.4 - DoS
CVSS 7.5
CVE-2025-70034 HIGH
mscdex ssh2 1.17.0 - Inefficient Regular Expression Complexity
CVSS 7.5
CVE-2025-10990 HIGH
REXML - Regular Expression Denial of Service via Hex Numeric Character Reference Parsing
CVSS 7.5
CVE-2025-69873 LOW
ajv < 8.18.0 - Regular Expression Denial of Service via $data Reference
CVSS 2.9
CVE-2025-68475 HIGH
Fedify < 1.6.13, 1.7.0-1.7.13, 1.8.0-1.8.14, 1.9.0-1.9.1 - Regular Expression Denial of Service in HTML Parser
CVSS 7.5
CVE-2025-68142 MEDIUM
PyMdown Extensions < 10.16.1 - Denial of Service via Figure Caption Extension ReDOS
CVSS 5.3
CVE-2025-66020 HIGH
Valibot 0.31.0-1.1.0 - Denial of Service via EMOJI_REGEX ReDoS
CVSS 7.5
CVE-2025-62484 HIGH
Zoom Workplace Clients <6.5.10 - Privilege Escalation
CVSS 8.1
CVE-2025-5342 MEDIUM
ManageEngine Exchange Reporter Plus <= 5721 - Denial of Service via Search Module ReDOS
CVSS 4.3
CVE-2025-61581 HIGH
Apache Traffic Control - Info Disclosure
CVSS 7.5
CVE-2025-61921 HIGH
Sinatra < 4.2.0 - Denial of Service via If-Match and If-None-Match Header Parsing
CVSS 7.5
CVE-2025-6051 MEDIUM
Hugging Face Transformers <4.52.4 - DoS
CVSS 5.3
CVE-2025-6638 HIGH
Hugging Face Transformers < 4.53.0 - Regular Expression Denial of Service in MarianTokenizer
CVSS 7.5
CVE-2025-58451 HIGH
cattown < 1.0.2 - Denial of Service via Inefficient Regular Expression Complexity
CVE-2025-9670 MEDIUM
mixmark-io turndown <7.2.1 - Info Disclosure
CVSS 5.3
CVE-2025-43764 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.20 - ReDoS via Kaleo Designer Role Name Search
CVSS 6.5
CVE-2025-9308 LOW
yarnpkg Yarn <1.22.22 - Info Disclosure
CVSS 3.3
CVE-2025-54364 MEDIUM
Microsoft Knack 0.12.0 - Regular Expression Denial of Service in option_descriptions
CVE-2025-54363 MEDIUM
Microsoft Knack 0.12.0 - Denial of Service via Inefficient Regular Expression in knack.introspection
CVE-2025-4690 MEDIUM
AngularJS - Regular Expression Denial of Service in linky Filter
CVSS 4.3
CVE-2025-33090 HIGH
IBM Concert 1.0.0-1.1.0 - Denial of Service via Inefficient Regular Expression
CVSS 7.5
CVE-2025-2937 MEDIUM
GitLab 13.2-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Denial of Service via Wiki Markdown Payload
CVSS 6.5