CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

254 matches found

NVD•added 2026/05/25 3:16 p.m.•9 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6.1CVSS0.00027EPSS

Exploits1References4

Vulnrichment•added 2026/05/25 2:0 p.m.•4 views

CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS5.9AI score0.00049EPSS

Exploits1References4

OSV•added 2026/05/16 11:54 p.m.•3 views

MGASA-2026-0146 Updated haproxy packages fix security vulnerability

The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...

4CVSS5.8AI score0.00013EPSS

Exploits0References3

OSV•added 2026/04/28 10:46 p.m.•1 views

GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.8AI score0.00078EPSS

Exploits1References4

OSV•added 2026/04/23 12:11 p.m.•0 views

SUSE-SU-2026:1568-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103...

4CVSS5.3AI score0.00013EPSS

Exploits0References3

OSV•added 2026/04/23 8:6 a.m.•0 views

SUSE-SU-2026:21353-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

4CVSS5.2AI score0.00013EPSS

Exploits0References4

OSV•added 2026/04/23 8:5 a.m.•0 views

SUSE-SU-2026:21280-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

4CVSS5.3AI score0.00013EPSS

Exploits0References4

CVE•added 2026/03/31 12:1 p.m.•3 views

CVE-2026-24030

CVE-2026-24030 affects DNSdist and arises from unbounded memory allocation while processing DNS over QUIC (DoQ) or DNS over HTTP/3 (DoH3) payloads. The issue can trigger a denial of service; in memory-constrained environments it may cause an out-of-memory state terminating the process, though in ...

7.5CVSS5.9AI score0.00006EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/31 12:1 p.m.•19 views

CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

5.3CVSS0.00006EPSS

Exploits0References1

Veracode•added 2026/03/30 4:38 a.m.•3 views

Denial Of Service (DoS)

github.com/quic-go/quic-go is vulnerable to a Denial Of Service DoS. The vulnerability is due to missing limits on the size of decoded HTTP/3 headers from QPACK-encoded HEADERS frames, which allows an attacker to send crafted requests with large header fields to trigger excessive memory allocatio...

5.3CVSS5.9AI score0.00064EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/09 12:37 p.m.•4 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...

7.5CVSS6.8AI score0.00562EPSS

Exploits0References1

Github Security Blog•added 2026/01/08 8:12 p.m.•4 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...

8.7CVSS7.1AI score0.00213EPSS

Exploits0References5Affected Software1

Snyk•added 2026/01/08 4:41 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

8.7CVSS6.8AI score0.00213EPSS

Exploits0References2

Hacker One•added 2025/12/16 8:31 p.m.•14 views

curl: Certificate Pinning Bypass with wolfSSL backend over HTTP/3

Summary: A security feature bypass exists in libcurl when built with the wolfSSL backend and HTTP/3 support. The Certificate Pinning feature --pinnedpubkey is silently ignored if the user also disables peer verification -k or --insecure . This behavior is inconsistent with other backends like...

7AI score

Exploits0