2055 matches found

Tenable Nessus
added 4 days ago, 4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerabilities (USN-8459-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8459-1 advisory. It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could...

CVSS 9.1, AI score 6, EPSS 0.00431
Exploits: 0, References: 3

OSV
added 5 days ago, 2 views

OPENSUSE-SU-2026:11090-1 haproxy-3.4.0+git31.fc300e9f2-1.1 on GA media

These are all security issues fixed in the haproxy-3.4.0+git31.fc300e9f2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.1, AI score 5.9, EPSS 0.00431
Exploits: 0, References: 2

SUSE CVE
added 2026/06/20 2:28 a.m., 10 views

SUSE CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVSS 5.6, AI score 6.1, EPSS 0.00321
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/20 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validat...

CVSS 8.7, AI score 5.9, EPSS 0.00431
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/20 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as...

CVSS 9.1, AI score 6.1, EPSS 0.00321
Exploits: 0, References: 3

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in HAProxy

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...

CVSS 7.5, AI score 7.2, EPSS 0.02322
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in HAProxy

There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htx_add_header function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...

CVSS 7.5, AI score 7.9, EPSS 0.56083
Exploits: 5, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in HAProxy

In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...

CVSS 6.8, AI score 6.6, EPSS 0.00685
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in HAProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

CVSS 9.1, AI score 7.5, EPSS 0.05493
Exploits: 0, References: 2

OSV
added 2026/06/19 12:00 a.m., 4 views

UBUNTU-CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVSS 9, AI score 6.1, EPSS 0.00321
Exploits: 0, References: 3

OSV
added 2026/06/19 12:00 a.m., 5 views

UBUNTU-CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, AI score 5.9, EPSS 0.00431
Exploits: 0, References: 3

NVD
added 2026/06/18 5:16 p.m., 10 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, EPSS 0.00431
Exploits: 0, References: 2

EUVD
added 2026/06/18 4:05 p.m., 9 views

EUVD-2026-37906

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, AI score 5.3, EPSS 0.00431
Exploits: 0, References: 2

CVE
added 2026/06/18 4:05 p.m., 23 views

CVE-2026-55204

HAProxy CVE-2026-55204 affects HAProxy up to version 3.4.0. It describes a null pointer dereference in the function hpack_dht_insert (in src/hpack-tbl.c) that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. Under memory pressure, HPACK dynamic table ins...

CVSS 8.7, AI score 5.3, EPSS 0.00431
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/06/18 4:05 p.m., 7 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, AI score 5.3, EPSS 0.00431
Exploits: 0

Cvelist
added 2026/06/18 4:05 p.m., 22 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, EPSS 0.00431
Exploits: 0, References: 2

AlpineLinux
added 2026/06/18 4:05 p.m., 7 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVSS 8.7, AI score 5.9, EPSS 0.00431
Exploits: 0, References: 2

Debian CVE
added 2026/06/18 4:05 p.m., 7 views

CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVSS 9.1, AI score 5.6, EPSS 0.00321
Exploits: 0

EUVD
added 2026/06/18 4:05 p.m., 11 views

EUVD-2026-37905

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVSS 9, AI score 5.6, EPSS 0.00321
Exploits: 0, References: 2

Cvelist
added 2026/06/18 4:05 p.m., 20 views

CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

CVSS 9, EPSS 0.00321
Exploits: 0, References: 2