Exploit for CVE-2026-49975

CVE-2026-49975 — HTTP/2 Bomb PoC !CVEhttps://img.shields...

CVE-2026-36605

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

RockyLinux 10 : delve (RLSA-2026:19013)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19013 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion ...

CVE-2026-36605

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

Linux Distros Unpatched Vulnerability : CVE-2026-49975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2026-49975, also known as HTTP/2 Bomb, is a remote denial-of-service exploit against most major web servers, including: nginx, Apache httpd, Microsoft IIS,...

EUVD-2026-34144

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

CVE-2022-4992

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...

CVE-2019-25721

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

EUVD-2019-20160

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manu...

CVE-2019-25721

CVE-2019-25721 affects Dräger Infinity M300 patient-worn monitors with software VG2.3.1 and earlier. The issue is a network‑based denial-of-service vulnerability that lets network-adjacent attackers repeatedly trigger device reboots by sending malicious requests over the Infinity Network, forcing...

CVE-2019-25721

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

EUVD-2019-20157

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2026 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2026. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

EUVD-2026-33959

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

CVE-2026-45686

OpenTelemetry eBPF Instrumentation contains a remote integer overflow in OBI’s memcached text protocol parser (memcached_detect_transform.go) that can crash the OBI process and cause denial of service. Affected versions are 0.7.0 through before 0.9.0; the parser accepts large values for storage ...

Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

EUVD-2026-33796

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-33780

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0080

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...