Lucene search
+L

375 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-15713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-15713

This CVE affects Libsoup’s HTTP/2 implementation. The issue is a memory leak where memory context blocks are not properly released under specific stream termination conditions (e.g., window exhaustion or explicit stream resets). A remote, unauthenticated attacker acting as a malicious network pee...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 4 days ago3 views

CVE-2026-49788 HTTP/2 Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-49788

CVE-2026-49788 : An HTTP/2 denial-of-service vulnerability due to unbounded resource allocation allows an unauthenticated network attacker to exhaust resources and disrupt service. CVSSv3.1 base score 7.5 (HIGH); vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No product/vendor/version details are p...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2980 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 7:27 p.m.5 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/07/07 9:48 p.m.9 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
OSV
OSV
added 2026/07/07 12:34 p.m.2 views

SUSE-SU-2026:22567-1 Security update for docker-compose

This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...

9.6CVSS6.5AI score0.00868EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:7 a.m.4 views

HTTP/2 stream-dependency tree UAF

...

9.8CVSS6.1AI score0.00891EPSS
Exploits1
OSV
OSV
added 2026/07/03 6:11 a.m.8 views

CVE-2026-10536 HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS6.1AI score0.00891EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2026/07/02 12:3 p.m.11 views

USN-8398-4: nginx vulnerability

USN-8398-3 fixed a vulnerability in nginx. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A...

7.5CVSS5.8AI score0.11471EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:3 p.m.6 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 8:55 p.m.16 views

EUVD-2026-37798

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.11 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.7AI score0.00656EPSS
Exploits0
OSV
OSV
added 2026/06/24 1:10 p.m.7 views

OESA-2026-2698 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The HTTP/2 server in libsoup may not...

8.6CVSS6.9AI score0.00947EPSS
Exploits1References7
OSV
OSV
added 2026/06/24 8:46 a.m.2 views

SUSE-SU-2026:2609-1 Security update for apptainer

This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal bsc1264177. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

10CVSS6.8AI score0.01557EPSS
Exploits1References27
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.42 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS0.00566EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 12:12 p.m.5 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.10 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Rows per page
Query Builder