Lucene search
K

1714 matches found

RedHat Linux
RedHat Linux
added 2 days ago4 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0073EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago3 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago3 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/03 1:9 a.m.7 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.48.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

9.9CVSS6.7AI score0.00632EPSS
Exploits6
Snyk
Snyk
added 2026/07/02 10:17 p.m.6 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

7.5CVSS6AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:3 p.m.8 views

EUVD-2026-41095

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:2 p.m.5 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:2 p.m.33 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

0.00587EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:27 a.m.2 views

SUSE-SU-2026:2702-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS6.6AI score0.00376EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 6:30 p.m.6 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS5.7AI score0.00382EPSS
Exploits0References6
Veracode
Veracode
added 2026/06/27 5:58 a.m.5 views

Information Disclosure

angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References8Affected Software1
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-1.30.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03459EPSS
Exploits4
OSV
OSV
added 2026/06/26 12:23 p.m.2 views

SUSE-SU-2026:2654-1 Security update for libsoup2

This update for libsoup2 fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES16 Security Update : ignition (SUSE-SU-2026:22181-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22181-1 advisory. This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

7.5CVSS6.8AI score0.00781EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 12:23 p.m.6 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 3:50 p.m.6 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS5.9AI score0.00391EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1References1Affected Software2
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0029

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests a type of HTTP request smuggling attack...

9.8CVSS6.8AI score0.00591EPSS
Exploits1
Rows per page
Query Builder