CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/20 4:56 p.m.•6 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

9.1CVSS6.8AI score0.0002EPSS

OSV•added 2026/05/20 3:35 p.m.•2 views

GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

3.1CVSS6.3AI score

Exploits0References5

7.5CVSS7.4AI score0.01205EPSS

Astra Linux - уязвимость в tomcat9

There is a vulnerability in Apache Tomcat when using the APR/Native connector, involving concurrent execution with shared resources and improper synchronization known as “race condition”. This issue is particularly noticeable during client-initiated closures of HTTP/2 connections. The vulnerabili...

7.5CVSS6.6AI score0.00559EPSS

Astra Linux - уязвимость в jetty9

Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and becomes TCP congested may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the serve...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final, there is a vulnerability that allows for request smuggling. This...

5.9CVSS6.5AI score0.0316EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в apache2

HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...

7.5CVSS7AI score0.87555EPSS

Exploits2References2

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в nghttp2, jetty9, netty, tomcat9

The HTTP/2 protocol allows for a denial of service server resource consumption, as request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...

7.5CVSS7AI score0.94394EPSS

Exploits19References2

7.5CVSS6.8AI score0.0015EPSS

Astra Linux - уязвимость в golang-1.19

A malicious HTTP/2 client that quickly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is limited by the http2.Server.MaxConcurrentStreams setting, resetting an ongoing request allows the attacker to create a new...

7.5CVSS6.8AI score0.00264EPSS

Astra Linux - уязвимость в golang-golang-x-net, golang-1.19

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, enough to trigger a denial of service due to a small number of small requests...

Exploits0References1

7.5CVSS5.8AI score0.02675EPSS

Astra Linux - уязвимость в apache2

In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в golang-golang-x-net

An attacker can cause excessive memory usage in a Go server that accepts HTTP/2 requests. HTTP/2 server connections include a cache of HTTP header keys sent by the client. Although the total number of entries in this cache is limited, an attacker who sends very large keys can cause the server to...

5.3CVSS6.9AI score0.00331EPSS

7.5CVSS7.1AI score0.00109EPSS

Astra Linux - уязвимость в nodejs

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в nodejs

A memory leak could occur when a remote peer abruptly closes the socket without sending a “GOAWAY” notification. Additionally, if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer, the same memory leak will be triggered. This flaw could lead to increase...

5.3CVSS6.8AI score0.00164EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...

9.2CVSS6.1AI score0.00288EPSS

Exploits36References9

RedHat Linux•added 2026/05/19 6:15 p.m.•6 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

9.1CVSS6.8AI score0.0002EPSS

RedHat Linux•added 2026/05/19 4:16 p.m.•9 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00931EPSS