189 matches found

OSV
added 2025/12/16 1:15 a.m. | 1 view

UBUNTU-CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

CVSS 6.5 | AI score 6.7 | EPSS 0.00292
Exploits: 1 | References: 3

Debian CVE
added 2025/12/16 12:19 a.m. | 4 views

CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

CVSS 6.5 | AI score 6.2 | EPSS 0.00292
Exploits: 1

IBM Security Bulletins
added 2025/12/09 4:54 a.m. | 8 views

Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data

Summary: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

CVSS 7.5 | AI score 6.5 | EPSS 0.00561
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/12/09 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: netty (UTSA-2025-991102)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991102 advisory. Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP...

CVSS 6.9 | AI score 7.9 | EPSS 0.01617
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/11/10 10:23 a.m. | 16 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary: Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0. Vulnerability Details: CVEID: CVE-2015-5262. DESCRIPTION: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setti...

CVSS 9.8 | AI score 8.3 | EPSS 0.19312
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/10/31 7:8 p.m. | 18 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary: IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

CVSS 7.5 | AI score 7.2 | EPSS 0.02164
Exploits: 2 | Affected Software: 1

OSV
added 2025/10/24 2:33 p.m. | 3 views

OESA-2025-2528 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

CVSS 6.9 | AI score 8 | EPSS 0.01617
Exploits: 0 | References: 2

OSV
added 2025/10/24 2:33 p.m. | 5 views

OESA-2025-2526 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

CVSS 6.9 | AI score 7.8 | EPSS 0.01617
Exploits: 0 | References: 2

NVD
added 2025/10/15 4:15 p.m. | 6 views

CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

CVSS 6.9 | EPSS 0.01617
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/15 3:42 p.m. | 2 views

CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

CVSS 6.9 | AI score 7.6 | EPSS 0.01617
Exploits: 0 | References: 2

Debian CVE
added 2025/10/15 3:42 p.m. | 7 views

CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

CVSS 6.9 | AI score 7.8 | EPSS 0.01617
Exploits: 0

Positive Technologies
added 2025/10/15 12:0 a.m. | 3 views

PT-2025-42370

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.128.Final and 4.2.7.Final. Description: Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-supplied parameters. The...

CVSS 6.9 | AI score 6.7 | EPSS 0.0266
Exploits: 0 | References: 371

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-0647

Malware in sbrugna...

CVSS 5.9 | AI score 6.3 | EPSS 0.18891
Exploits: 0 | References: 135

Veracode
added 2025/10/06 4:44 p.m. | 4 views

HTTP Request Smuggling

io.netty, netty-codec-http is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrectly accepting standalone newline characters LF as a chunk-size line terminator instead of requiring CRLF per HTTP/1.1 standards, which allows an attacker to craft malicious requests that are...

CVSS 7.5 | AI score 7 | EPSS 0.00631
Exploits: 1 | References: 10 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1713

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.4 | EPSS 0.02459
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-4081

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.8 | EPSS 0.00357
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2493

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 8.1 | EPSS 0.01036
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26649

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00561
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-7648

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00885
Exploits: 1 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-3334

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 7.1 | EPSS 0.00408
Exploits: 1 | References: 4