CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

OSV•added 2026/01/26 2:47 p.m.•4 views

BIT-NODE-MIN-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.9AI score0.00109EPSS

Exploits0References2

IBM Security Bulletins•added 2025/12/30 5:57 p.m.•5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information Through Data Queries in Golang Go (CVE-2023-45288)

Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2023-45288 Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION...

7.5CVSS6.5AI score0.75268EPSS

Exploits1Affected Software1

RedhatCVE•added 2025/12/17 9:27 a.m.•3 views

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

5.3CVSS6.8AI score0.00064EPSS

Exploits0References5

UbuntuCve•added 2025/12/11 9:15 p.m.•2 views

CVE-2025-64702

5.3CVSS7.1AI score0.00064EPSS

Exploits0References3

Amazon•added 2024/10/02 12:0 a.m.•5 views

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

9.8CVSS6.8AI score0.75268EPSS

Exploits1

Amazon•added 2024/08/21 12:0 a.m.•4 views

Medium: oci-add-hooks

7.5CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/08/21 12:0 a.m.•3 views

Medium: oci-add-hooks

7.5CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/08/06 12:0 a.m.•3 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

9.8CVSS6.8AI score0.75268EPSS

Exploits1

Amazon•added 2024/07/22 12:0 a.m.•2 views

Medium: ecs-init

9.8CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/06/12 12:0 a.m.•3 views

Medium: cri-tools

7.5CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/05/30 12:0 a.m.•3 views

Medium: golang

7.5CVSS6.7AI score0.75268EPSS

Exploits1

Amazon•added 2024/05/30 12:0 a.m.•3 views

Medium: amazon-ecr-credential-helper

7.5CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/05/30 12:0 a.m.•3 views

Medium: amazon-ecr-credential-helper

7.5CVSS6.9AI score0.75268EPSS

Exploits1

Amazon•added 2024/05/28 12:0 a.m.•2 views

Medium: oci-add-hooks

7.5CVSS6.7AI score0.75268EPSS

Exploits1

Amazon•added 2024/05/28 12:0 a.m.•3 views

Medium: cni-plugins

7.5CVSS6.7AI score0.75268EPSS

Exploits1

SUSE CVE•added 2024/04/05 2:23 a.m.•2 views

SUSE CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

5.3CVSS8.8AI score0.75268EPSS

Exploits1References60

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-39004 CVE-2023-45288 affecting package helm for versions less than 3.15.2-1

7.5CVSS7AI score0.75268EPSS

Exploits1References1