Lucene search
K

1712 matches found

OSV
OSV
added 2026/05/13 4:16 p.m.8 views

ALPINE-CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.5AI score0.00339EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-42409

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.8 views

CVE-2026-41227

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.24 views

PT-2026-40762

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a code vulnerability in F5 BIG-IP. This vulnerability arises when configuring...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

FreeBSD : zeek -- potential DoS vulnerability (e665f0a2-fe6d-44b0-ba9e-d383f055a8a3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e665f0a2-fe6d-44b0-ba9e-d383f055a8a3 advisory. Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP coul...

5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29515

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

5.8AI score0.00548EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/05/12 12:0 a.m.19 views

zeek -- potential DoS vulnerability

Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/11 9:39 p.m.42 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/11 9:14 p.m.5 views

CVE-2026-7010 HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

5.8AI score0.00227EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:14 p.m.6 views

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

5.8AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

HTTP::Tiny 注入漏洞

HTTP::Tiny is a small, simple, and correct HTTP/1.1 client developed by Perldoc. Versions prior to HTTP::Tiny 0.093 had an injection vulnerability due to unvalidated CRLF characters. This vulnerability could allow attackers to inject additional headers and request payloads...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.15 views

SUSE CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References69
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.8 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
EUVD
EUVD
added 2026/05/07 7:41 p.m.14 views

EUVD-2026-28420

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

5.8AI score0.00781EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/07 12:22 a.m.12 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling when parsed HTTP requests contain malformed Transfer-Encoding headers...

8.7CVSS5.8AI score0.00248EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.9 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

5.9AI score0.00326EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/06 10:16 p.m.13 views

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References2
NVD
NVD
added 2026/05/06 1:16 p.m.66 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS0.00319EPSS
Exploits0References4
Rows per page
Query Builder