CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101720 matches found

Snyk•added 2026/05/07 1:49 a.m.•4 views

Open Redirect

Overview microsoft-kiota-http is a python HTTP implementation with HTTPX library. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a...

7CVSS5.8AI score0.00079EPSS

Exploits0References2

vulnersOsv•added 2026/05/07 1:49 a.m.•4 views

adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +95 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=1.10.1 <=1.9.2)

microsoft-kiota-http PYPI version =1.10.1, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =3.0.1, =3.0.1, =0.1.1, =0.2.1, =0.1.0, =2.0.0 and more Source cves: CVE-2026-44503 Source advisory: SNYK:PYTHON-MICROSOFTKIOTAHTTP-16699940...

7CVSS5.8AI score0.00079EPSS

Exploits0

vulnersOsv•added 2026/05/07 1:49 a.m.•2 views

adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +101 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=0.4.4 <=1.9.2)

microsoft-kiota-http PYPI version =0.4.4, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =2.4.2, =2.4.2, =3.0.1, =0.1.1, =0.2.0 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...

7CVSS5.8AI score0.00079EPSS

Exploits0

GithubExploit•added 2026/05/07 1:47 a.m.•48 views

Exploit for CVE-2026-43585

CVE-2026-43585 Overview Prior to version 2026.4.15, OpenC...

9.2CVSS5.8AI score0.00131EPSS

Exploits1

OSV•added 2026/05/07 12:46 a.m.•2 views

GHSA-F6HV-JMP6-3VWV Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS

Summary HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br Brotli, zstd, or...

7.5CVSS5.9AI score0.00018EPSS

Exploits1References3

Snyk•added 2026/05/07 12:46 a.m.•6 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the HttpContentDecompressor and...

8.7CVSS5.8AI score0.00018EPSS

Exploits1References2

Github Security Blog•added 2026/05/07 12:46 a.m.•9 views

Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS

7.5CVSS5.9AI score0.00018EPSS

Exploits1References3Affected Software2

vulnersOsv•added 2026/05/07 12:46 a.m.•3 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42587 Source advisory: OSV:GHSA-F6HV-JMP6-3VWV...

7.5CVSS5.8AI score0.00018EPSS

Exploits1

Snyk•added 2026/05/07 12:46 a.m.•7 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the HttpContentDecompressor and DelegatingDecompressorFrameListener components when the Content-Encoding header is set to br, zstd, or snappy. An attacker can exhaust...

8.7CVSS5.8AI score0.00018EPSS

Exploits1References2

vulnersOsv•added 2026/05/07 12:46 a.m.•3 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42587 Sourc...

7.5CVSS5.8AI score0.00018EPSS

Exploits1

vulnersOsv•added 2026/05/07 12:22 a.m.•5 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

7.5CVSS5.8AI score0.00012EPSS

Exploits1

vulnersOsv•added 2026/05/07 12:22 a.m.•2 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

7.5CVSS5.8AI score0.00012EPSS

Exploits1

vulnersOsv•added 2026/05/07 12:22 a.m.•4 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

7.5CVSS5.8AI score0.00012EPSS

Exploits1

OSV•added 2026/05/07 12:22 a.m.•1 views

GHSA-38F8-5428-X5CV Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...

6.5CVSS6AI score0.00012EPSS

Exploits1References4

Github Security Blog•added 2026/05/07 12:22 a.m.•11 views

Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

7.5CVSS6AI score0.00012EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/05/07 12:21 a.m.•7 views

Netty has HttpClientCodec response desynchronization

Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD a...

9.1CVSS5.8AI score0.00016EPSS

Exploits1References3Affected Software1

vulnersOsv•added 2026/05/07 12:21 a.m.•4 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42584 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

9.1CVSS5.8AI score0.00016EPSS

Exploits1

vulnersOsv•added 2026/05/07 12:21 a.m.•2 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42584 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

9.1CVSS5.8AI score0.00016EPSS

Exploits1

vulnersOsv•added 2026/05/07 12:21 a.m.•4 views

9.1CVSS5.8AI score0.00016EPSS

Exploits1

Github Security Blog•added 2026/05/07 12:19 a.m.•7 views

Netty HTTP/3 QPACK literal unbounded allocation

Summary When Netty decodes HTTP/3 headers, it sometimes runs new bytelength using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length on the order of a gigabyte. Details When decoding header blocks, the non-Huffman branch of...

7.5CVSS5.9AI score0.00017EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by