CWE-625— Permissive Regular Expression
The product uses a regular expression that does not sufficiently restrict the set of allowed values.— MITRE CWE catalog
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-625page 1 of 1
- CVE-2018-8926HIGHCVSS 8.8EG 8.82018-06-08
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
- CVE-2020-8910MEDIUMCVSS 6.5EG 6.52020-03-26
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to v…
- CVE-2023-6544MEDIUMCVSS 5.4EG 5.42024-04-25
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment coul…
- CVE-2024-6038HIGHCVSS 7.5EG 7.52024-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-pro…
- CVE-2026-23651MEDIUMCVSS 6.7EG 6.72026-03-05
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
- CVE-2026-32973CRITICALCVSS 9.8EG 9.82026-03-29
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wild…
- CVE-2026-34763MEDIUMCVSS 5.3EG 5.32026-04-02
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains…
- CVE-2026-34830MEDIUMCVSS 5.9EG 5.92026-04-02
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file pat…
- CVE-2026-37737MEDIUMCVSS 6.5EG 6.52026-06-05
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering …
- CVE-2026-40110HIGHCVSS 7.3EG 7.32026-05-05
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match(…
- CVE-2026-44587MEDIUMCVSS 6.1EG 6.12026-05-27
CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the content_type_denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the…
Map vulnerabilities like CWE-625 to your infrastructure
EchelonGraph correlates every CVE — across CWE-625 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →