Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

209 matches found

NVD
NVDadded 6 days ago9 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS0.00755EPSS
Exploits2References1
EUVD
EUVDadded 6 days ago8 views

EUVD-2026-37717

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.7AI score0.00755EPSS
Exploits2References1
CVE
CVEadded 6 days ago150 views

CVE-2026-42530

Summary : NGINX Open Source’s ngx_http_v3_module vulnerability (CVE-2026-42530) occurs when HTTP/3 QUIC is enabled. A remote unauthenticated attacker can craft an HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and potentially triggering a res...

9.2CVSS5.7AI score0.00755EPSS
Exploits2References1
Debian CVE
Debian CVEadded 6 days ago7 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.8AI score0.00755EPSS
Exploits2
F5 Networks
F5 Networksadded 6 days ago22 views

K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530

Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...

9.2CVSS6.3AI score0.00755EPSS
Exploits2Affected Software4
Positive Technologies
Positive Technologiesadded 6 days ago14 views

PT-2026-50439

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 Description A Use-after-Free issue exists in the ngx http v3 module module when configured to use the HTTP/3 QUIC module. A remote unauthenticated attacker can use a specially crafted HTTP/3...

9.2CVSS6.8AI score0.00755EPSS
Exploits2References60
Github Security Blog
Github Security Blogadded 2026/06/15 8:43 p.m.6 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References4
CVE
CVEadded 2026/06/12 2:45 p.m.17 views

CVE-2026-48748

Netty HTTP/3 vulnerability CVE-2026-48748: a memory-exhaustion flaw in the Netty HTTP/3 codec prior to 4.2.15.Final allows an infinite number of blocked streams, leading to OOM. The issue is fixed in Netty version 4.2.15.Final. Affected component: Netty’s HTTP/3 codec. Root cause: unbounded block...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/12 2:45 p.m.10 views

CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/12 2:45 p.m.33 views

CVE-2026-48748 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS0.00488EPSS
Exploits0References2
NVD
NVDadded 2026/06/12 5:16 a.m.14 views

CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS0.00488EPSS
Exploits0References2
OSV
OSVadded 2026/06/12 5:16 a.m.2 views

UBUNTU-CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/06/12 5:4 a.m.31 views

CVE-2026-44892 Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS0.00488EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/12 5:4 a.m.10 views

EUVD-2026-36386

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.5AI score0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.12 views

PT-2026-48900

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description A memory exhaustion issue exists in the Netty HTTP/3 codec. This flaw allows for the creation of an infinite number of blocked streams, which can lead to an Out of Memory OOM error, resulting in...

7.5CVSS5.3AI score0.00488EPSS
Exploits0References6
Tenable Nessus
Tenable Nessusadded 2026/06/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in th...

7.5CVSS5.5AI score0.00488EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/06/08 7:2 p.m.10 views

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3SETTINGSMAXFIELDSECTIONSIZE, the implementation defaults to an unbounded limit. This insecure default configuration...

7.5CVSS5.5AI score0.00488EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/08 12:0 a.m.9 views

PT-2026-47563

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3 SETTINGS MAX FIELD SECTION SIZE, the implementation defaults to an unbounded limit. This insecure default...

7.5CVSS5.5AI score
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/06/04 5:43 p.m.8 views

CVE-2026-40898 quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

5.3CVSS5.8AI score0.00488EPSS
Exploits0References2
Rows per page
Query Builder