Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3245 matches found

UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.8 views

CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS5.9AI score0.00545EPSS
Exploits1References2
OSV
OSVadded 2026/05/13 7:17 p.m.4 views

UBUNTU-CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS5.9AI score0.00545EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2026/05/13 7:17 p.m.11 views

CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/13 6:43 p.m.7 views

CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS5.8AI score0.00511EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/05/13 6:43 p.m.1 views

EEF-CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. T...

8.2CVSS5.9AI score0.00511EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/05/13 6:22 p.m.10 views

CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS5.9AI score0.00545EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 6:22 p.m.36 views

CVE-2026-42587 Netty: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables decompression bomb DoS

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS0.00545EPSS
Exploits1References1
CVE
CVEadded 2026/05/13 6:22 p.m.58 views

CVE-2026-42587

Netty CVE-2026-42587 affects HttpContentDecompressor and DelegatingDecompressorFrameListener. Before 4.2.13.Final and 4.1.133.Final, maxAllocation is enforced for gzip/deflate but ignored for br, zstd, or snappy, allowing an attacker to bypass the decompression limit via Content-Encoding: br and ...

7.5CVSS5.9AI score0.00545EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2026/05/13 6:9 p.m.17 views

CVE-2026-42583

CVE-2026-42583 (Netty) affects Netty’s Lz4FrameDecoder. Before versions 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf sized to decompressedLength (up to 32 MB per block) prior to running the LZ4 step. A peer can trigger this allocation with only a 21-byte header plus compres...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/05/13 4:16 p.m.7 views

PYSEC-2026-142

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References1
PyPA
PyPAadded 2026/05/13 4:16 p.m.15 views

PYSEC-2026-142

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/13 4:16 p.m.17 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS0.00388EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/13 4:16 p.m.10 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References2
OSV
OSVadded 2026/05/13 4:16 p.m.4 views

UBUNTU-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/13 3:17 p.m.8 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/05/13 3:17 p.m.10 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 3:17 p.m.10 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/13 3:17 p.m.60 views

CVE-2026-44432

CVE-2026-44432 affects urllib3 before 2.7.0, where the library could decompress the entire response during HTTPResponse.read or drain_conn, leading to high CPU and memory usage when handling highly compressed data. Affected versions: 2.6.0 up to (but not including) 2.7.0. Impact described as pote...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/13 3:17 p.m.55 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS0.00388EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2026/05/13 2:8 a.m.11 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.1CVSS7.8AI score0.00517EPSS
Exploits0References3
Rows per page
Query Builder