CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlpineLinux•added 2025/07/22 9:36 p.m.•3 views

CVE-2025-53538

7.5CVSS7.1AI score0.00416EPSS

CNNVD•added 2025/07/22 12:0 a.m.•2 views

Suricata 安全漏洞

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions 7.0.10 and earlier and 8.0.0-beta1 through 8.0.0-rc1, which stems from improper handling of HTTP2 stream 0 data and could lead to uncontrolled memory...

7.5CVSS6.2AI score0.00416EPSS

RedHat Linux•added 2025/07/17 11:5 a.m.•1 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

7.5CVSS7.1AI score0.2185EPSS

Exploits5References5

RedHat Linux•added 2025/07/17 10:53 a.m.•2 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

7.5CVSS7.1AI score0.2185EPSS

Exploits5References5

SUSE CVE•added 2025/07/11 11:21 p.m.•2 views

SUSE CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...

5.9CVSS7.1AI score0.01205EPSS

Exploits0References7

OSV•added 2025/07/10 9:31 p.m.•0 views

GHSA-25XR-QJ8W-C4VF Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5CVSS7.1AI score0.01247EPSS

Exploits0References8

OSV•added 2025/07/10 9:31 p.m.•1 views

GHSA-4J3C-42XV-3F84 Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

8.9CVSS7AI score0.01205EPSS

OSV•added 2025/07/10 8:15 p.m.•0 views

UBUNTU-CVE-2025-53506

7.5CVSS6.9AI score0.01247EPSS

OSV•added 2025/07/10 7:15 p.m.•1 views

DEBIAN-CVE-2025-52434

7.5CVSS8.4AI score0.01205EPSS

Exploits0References1

OSV•added 2025/07/10 7:15 p.m.•0 views

UBUNTU-CVE-2025-52434

7.5CVSS6.9AI score0.01205EPSS

Snyk•added 2025/06/30 10:0 p.m.•1 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP/2 multiplexing feature. an attacker can trigger resource exhaustion by creating excessive HTTP/2...

8.7CVSS6.9AI score0.01247EPSS

Snyk•added 2025/06/30 10:0 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP/2 multiplexing feature. an attacker can trigger resource exhaustion by creating excessive HTTP/2 strea...

8.7CVSS7AI score0.01247EPSS

RedHat Linux•added 2025/06/25 12:16 a.m.•3 views

undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...

7.5CVSS7.3AI score0.0044EPSS

Exploits0References4

OSV•added 2025/06/20 1:26 p.m.•1 views

OESA-2025-1659 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2...

7.5CVSS6.9AI score0.07819EPSS

Snyk•added 2025/06/15 10:0 p.m.•2 views

Race Condition

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Race Condition on connection close when using the APR/Native connector. An attacker could trigger a JVM crash by rapidly opening and closing HTTP/2 connections...

8.9CVSS6.8AI score0.01205EPSS

SUSE CVE•added 2025/06/12 3:43 a.m.•1 views

SUSE CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

2.1CVSS6.8AI score0.00084EPSS

Amazon•added 2025/05/13 12:0 a.m.•1 views

Important: libsoup3

Issue Overview: A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. CVE-2025-329...

7.5CVSS6.7AI score0.00221EPSS

Exploits0

OSV•added 2025/05/08 7:28 p.m.•1 views

GHSA-889J-63JV-QHR8 Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit

Original Report In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specifi...

7.5CVSS5.9AI score0.00576EPSS