Lucene search
K

1370 matches found

vulnersOsv
vulnersOsv
added 2026/03/26 6:49 p.m.11 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +19755 more potentially affected by CVE-2026-33871 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.131.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

8.7CVSS6.7AI score0.01125EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.4 views

CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.8AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

5.9CVSS5.8AI score0.00337EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/25 6:31 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of rate limiting in the login process. An attacker can exhaust server resources by sending a large number of parallel login requests via a single HTTP/2 packet, potentially causing the server to cra...

6.5CVSS6AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 6:31 p.m.3 views

GHSA-247X-7QW8-FP98 Mattermost doesn't rate limit login requests, allowing DoS

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

4.3CVSS5.9AI score0.00305EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.5 views

Mattermost doesn't rate limit login requests, allowing DoS

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/25 5:16 p.m.10 views

CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS0.00305EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-21714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed...

5.3CVSS6.6AI score0.00454EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 12:31 p.m.4 views

SUSE-SU-2026:20925-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.11 views

Oracle Linux 8 : nginx:1.24 (ELSA-2026-5581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5581 advisory. - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-12728 -...

8.2CVSS7AI score0.99999EPSS
Exploits29References2
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.11 views

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 10:23 p.m.389 views

CVE-2026-33186

Summary: CVE-2026-33186 affects gRPC-Go prior to 1.79.3, where Authorization bypass could occur due to improper input validation of the HTTP/2 :path header. The server accepted non-canonical paths like Service/Method (missing leading slash), causing canonical “deny” rules in path-based authorizat...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References166Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 10:23 p.m.5 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
Redos
Redos
added 2026/03/19 12:0 a.m.7 views

ROS-20260319-73-0002

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

7.5CVSS7.3AI score0.99999EPSS
Exploits19
RedHat Linux
RedHat Linux
added 2026/03/18 1:17 p.m.6 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

8.2CVSS6.8AI score0.00979EPSS
Exploits1References6
OSV
OSV
added 2026/03/18 10:1 a.m.2 views

SUSE-SU-2026:20752-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS6.9AI score0.00764EPSS
Exploits2References19
Snyk
Snyk
added 2026/03/17 12:46 p.m.3 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the http/2 server implementation. An attacker can cause application instability or crashes by sending specially crafted HTTP/2 requests that trigger authentication failures, leading to access of freed memory. Note: Thi...

8.6CVSS5.8AI score0.00829EPSS
Exploits1References2
NVD
NVD
added 2026/03/17 12:16 p.m.9 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS0.00829EPSS
Exploits1References6
OSV
OSV
added 2026/03/17 12:16 p.m.5 views

UBUNTU-CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:14 a.m.5 views

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References6
Rows per page
Query Builder